The remote certificate is invalid according to the validation procedure

If you get the “The remote certificate is invalid according to the validation procedure” exception while trying to establish an SSL connection, most likely your server certificate is self-signed or you used an incorrect host name to connect. The host name must match the name on the certificate: for example, ftp.example.com and example.com may point to the same server, but if the certificate is issued only to ftp.example.com, that is the address you should use.

The good news is that you can accept self-signed certificates using the Ftp.dll FTP and FTPS .NET component.

First you need to subscribe to the ServerCertificateValidate event.

Then you need to create a ValidateCertificate method that validates the certificate (it ignores certificate chain and name mismatch errors).

// C# version

using (Ftp client = new Ftp())
{
    // we will use custom validation
    client.ServerCertificateValidate +=
        new ServerCertificateValidateEventHandler(ValidateCertificate);

    // Minimalistic version to accept any certificate:
    //client.ServerCertificateValidate += 
    //    (sender, e) => { e.IsValid = true; };

    client.ConnectSSL("ftp.example.org");
    client.Login("username", "password");

    foreach (FtpItem item in client.GetList())
    {
        if (item.IsFolder == true)
            Console.WriteLine("[{0}]", item.Name);
        else
            Console.WriteLine("{0}", item.Name);
    }
    client.Close();
}

private static void ValidateCertificate(
    object sender,
    ServerCertificateValidateEventArgs e)
{
    // SslPolicyErrors is defined in System.Net.Security
    const SslPolicyErrors ignoredErrors =
        SslPolicyErrors.RemoteCertificateChainErrors |  // self-signed
        SslPolicyErrors.RemoteCertificateNameMismatch;  // name mismatch

    // Accept the certificate if no errors remain once the ignored ones are masked out
    if ((e.SslPolicyErrors & ~ignoredErrors) == SslPolicyErrors.None)
    {
        e.IsValid = true;
        return;
    }
    e.IsValid = false;
}

' VB.NET version

Using client As New Ftp()
    ' Use this line to validate self-signed certificates:
    AddHandler client.ServerCertificateValidate, AddressOf ValidateCertificate

    client.ConnectSSL("ftp.example.org")
    client.Login("username", "password")

    For Each item As FtpItem In client.GetList()
        If item.IsFolder = True Then
            Console.WriteLine("[{0}]", item.Name)
        Else
            Console.WriteLine("{0}", item.Name)
        End If
    Next
    client.Close()
End Using

Private Sub ValidateCertificate( _
    ByVal sender As Object, _
    ByVal e As ServerCertificateValidateEventArgs)

    ' Ignored errors: chain errors (self-signed) and name mismatch
    Const ignoredErrors As SslPolicyErrors = _
        SslPolicyErrors.RemoteCertificateChainErrors Or _
        SslPolicyErrors.RemoteCertificateNameMismatch

    ' Accept the certificate if no errors remain once the ignored ones are masked out
    If (e.SslPolicyErrors And Not ignoredErrors) = SslPolicyErrors.None Then
        e.IsValid = True
        Return
    End If
    e.IsValid = False
End Sub
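
The handler above accepts any certificate whose only problems are chain or name-mismatch errors, so it cannot tell your self-signed certificate apart from any other one. As an added example (not part of the original post or of Ftp.dll), the check below tolerates those errors only for a certificate whose SHA-256 fingerprint was recorded in advance; the class and method names are illustrative, and the certificates created in Main are constructed test data.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example: class and method names are illustrative, not part of Ftp.dll.
static class PinnedCertificateValidator
{
    // SHA-256 fingerprint of the certificate as hex without separators.
    public static string Fingerprint(X509Certificate cert)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData()))
                               .Replace("-", "");
    }

    // Tolerates chain/name errors only for the certificate whose fingerprint
    // was recorded out of band (pin); every other certificate is rejected.
    public static bool IsTrusted(X509Certificate cert, SslPolicyErrors errors, string pin)
    {
        if (errors == SslPolicyErrors.None)
            return true;   // CA-issued and name matches: no exception needed
        if (cert == null || (errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            return false;  // server presented no certificate
        return string.Equals(Fingerprint(cert), pin, StringComparison.OrdinalIgnoreCase);
    }

    // Constructed test data: a throwaway self-signed certificate.
    static X509Certificate2 SelfSigned(string subject)
    {
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest(
                subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return request.CreateSelfSigned(
                DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        }
    }

    static void Main()
    {
        const SslPolicyErrors selfSigned = SslPolicyErrors.RemoteCertificateChainErrors;
        X509Certificate2 ours = SelfSigned("CN=ftp.example.org");
        X509Certificate2 other = SelfSigned("CN=ftp.example.org"); // same name, different certificate
        string pin = Fingerprint(ours);
        Console.WriteLine(IsTrusted(ours, selfSigned, pin));   // the pinned certificate
        Console.WriteLine(IsTrusted(other, selfSigned, pin));  // not the pinned certificate
    }
}
```

From the ServerCertificateValidate handler this would be called as `e.IsValid = PinnedCertificateValidator.IsTrusted(e.Certificate, e.SslPolicyErrors, pin);`, assuming the event arguments expose the server certificate as `e.Certificate`, which this page does not show.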

You can download Ftp.dll FTP/FTPS component for .NET here.


5 Responses to “The remote certificate is invalid according to the validation procedure”

  1. Ronald Says:

    I want to use your FTP component on an aspx page that runs entirely on the web server (IIS). The server uses .net 2.0
    I have to connect to a remote SSL FTP server that uses a certificate.

    I get the above error when I try to connect.
    I guess that is because the addhandler code is not being executed on the webserver (that only applies to a client (an actual person, I think)).

    How can I use your FTP component in this way?

  2. Limilabs support Says:

    @Ronald

    1.
    Make sure you have added the event handler.

    2.
    Accept the certificate by setting e.IsValid = true.

  3. Ronald Says:

    @Support

    I have done that, but I still get the error message.

    I think it has something to do with the fact that my web-page (ASPX) runs entirely on the server (IIS).

    There is NO user interaction, so the addhandler is NOT fired, so the certificate is not accepted.

    Is there another way I can accomplish this?

    Regards,
    Ronald

  4. Ronald Says:

    @Support

    Apparently it does work the way you described.
    I have to add the certificate to the certificate store of IIS.

    I will let you know if that will do the trick.

  5. Limilabs support Says:

    @Ronald

    > There is NO user interaction, so the addhandler is NOT fired

    Event handlers don’t require user interaction.
    Are you sure it’s not fired? Are you able to use a debugger to check?

    We are using this code for self-signed certificates in our test environment,
    so I’m pretty sure that it works correctly.
